Five computer network Defence displays (one Alphanumeric and four graphical displays: Radial Traffic Analyser, Bar Graph, Cube, and Treemap) were evaluated. Two experiments were conducted using different methodological procedures. Participants responded to questions that were structured to approximate various ways in which analysts might need to consider network traffic. Numerous significant effects were obtained and a fairly clear rank ordering of performance for the four graphical displays was obtained across experiments (from best to worst): Bar Graph, Cube, Radial Traffic Analyser, and Treemap. The results are interpreted from the perspective of ecological interface design: the quality of performance is directly related to the quality of semantic mapping between work domain, display, and human constraints. Factors that may have contributed to the poor performance for the Radial Traffic Analyser and Treemap displays are discussed. General implications for display and interface design are provided. Practitioner summary: Proposed displays for computer network Defence are evaluated; the results are interpreted from the perspective of ecological interface design. The associated design principles are applicable to all analogical graphical displays. Abbreviation: CND: cyber network defence; CSE: cognitive systems engineering; EID: ecological interface design; ICMP: internet control message protocol; IP: internet protocol; RTA: radial traffic analyzer; TCP: transmission control protocol; UDP: user datagram protocol.
Keywords: Ecological interface design; computer network defense; configural displays; direct perception; semantic mapping.